new file mode 100644
@@ -0,0 +1,60 @@
+From 36cd5554b50656f3492197f0fc02534dcc6b980f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Jonas=20=C3=85dahl?= <jadahl@gmail.com>
+Date: Tue, 13 May 2025 10:34:08 +0200
+Subject: [PATCH] transport: Initialize function pointers after resource
+ allocation
+
+The transport instance is freed when an error occurs.
+If the TransportDisconnect function pointer is initialized it
+causes SIGSEGV during free.
+
+CVE: CVE-2025-4478
+Upstream-Status: Backport [https://github.com/FreeRDP/FreeRDP/commit/a4bb702aa62e4fad91ca99142de075265555ec18]
+(cherry picked from commit a4bb702aa62e4fad91ca99142de075265555ec18)
+Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
+---
+ libfreerdp/core/transport.c | 24 ++++++++++++------------
+ 1 file changed, 12 insertions(+), 12 deletions(-)
+
+diff --git a/libfreerdp/core/transport.c b/libfreerdp/core/transport.c
+index a2a899b79..552a28a60 100644
+--- a/libfreerdp/core/transport.c
++++ b/libfreerdp/core/transport.c
+@@ -1560,18 +1560,6 @@ rdpTransport* transport_new(rdpContext* context)
+ if (!transport->log)
+ goto fail;
+
+- // transport->io.DataHandler = transport_data_handler;
+- transport->io.TCPConnect = freerdp_tcp_default_connect;
+- transport->io.TLSConnect = transport_default_connect_tls;
+- transport->io.TLSAccept = transport_default_accept_tls;
+- transport->io.TransportAttach = transport_default_attach;
+- transport->io.TransportDisconnect = transport_default_disconnect;
+- transport->io.ReadPdu = transport_default_read_pdu;
+- transport->io.WritePdu = transport_default_write;
+- transport->io.ReadBytes = transport_read_layer;
+- transport->io.GetPublicKey = transport_default_get_public_key;
+- transport->io.SetBlockingMode = transport_default_set_blocking_mode;
+-
+ transport->context = context;
+ transport->ReceivePool = StreamPool_New(TRUE, BUFFER_SIZE);
+
+@@ -1610,6 +1598,18 @@ rdpTransport* transport_new(rdpContext* context)
+ if (!InitializeCriticalSectionAndSpinCount(&(transport->WriteLock), 4000))
+ goto fail;
+
++ // transport->io.DataHandler = transport_data_handler;
++ transport->io.TCPConnect = freerdp_tcp_default_connect;
++ transport->io.TLSConnect = transport_default_connect_tls;
++ transport->io.TLSAccept = transport_default_accept_tls;
++ transport->io.TransportAttach = transport_default_attach;
++ transport->io.TransportDisconnect = transport_default_disconnect;
++ transport->io.ReadPdu = transport_default_read_pdu;
++ transport->io.WritePdu = transport_default_write;
++ transport->io.ReadBytes = transport_read_layer;
++ transport->io.GetPublicKey = transport_default_get_public_key;
++ transport->io.SetBlockingMode = transport_default_set_blocking_mode;
++
+ return transport;
+ fail:
+ WINPR_PRAGMA_DIAG_PUSH
@@ -19,6 +19,7 @@ SRC_URI = "git://github.com/FreeRDP/FreeRDP.git;branch=master;protocol=https \
file://CVE-2024-32660.patch \
file://CVE-2024-32661.patch \
file://CVE-2024-32662.patch \
+ file://CVE-2025-4478.patch \
"
S = "${WORKDIR}/git"